Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 11-06-2012 03
Ran by SYSTEM at 12-06-2012 00:52:37
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86)
OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-06-23] (Google)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe [3998616 2011-12-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [270336 2008-12-05] (Sony Corporation)
HKU\Default User\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [270336 2008-12-05] (Sony Corporation)
HKU\Mariusz\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [270336 2008-12-05] (Sony Corporation)
HKU\Mariusz\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-03-09] (Google Inc.)
HKU\Mariusz\...\Run: [] [x]
HKU\Mariusz\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Tcpip\..\Interfaces\{D73DDF16-1478-484C-9ADF-8BB94633A58B}: [NameServer]213.158.199.1 213.158.199.5

================================ Services (Whitelisted) ==================

3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Ati External Event Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-04-29] (AMD)
3 DFSR; C:\Windows\System32\DFSR.exe [2092544 2009-04-11] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-21] (Microsoft Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-23] (Google)
2 gupdate1c9ae4ecfe03fc0; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-03-26] (Google Inc.)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [68096 2008-01-21] (Microsoft Corporation)
3 MSCSPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" [53248 2008-05-20] (Sony Corporation)
2 NSUService; "C:\Program Files\sony\Network Utility\NSUService.exe" [303104 2008-12-05] (Sony Corporation)
3 PACSPTISVR; "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" [114688 2009-04-01] (Sony Corporation)
2 RtkAudioService; C:\Windows\RtkAudioService.exe [104992 2008-10-17] (Realtek Semiconductor)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UI Assistant Service; C:\Program Files\blueconnect\AssistantServices.exe [241664 2009-09-15] ()
2 VAIO Event Service; "C:\Program Files\sony\VAIO Event Service\VESMgr.exe" [203624 2008-12-09] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [415584 2008-10-18] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [480624 2009-09-16] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [83312 2009-09-08] (Sony Corporation)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe" [265624 2011-12-15] (WDC)
2 WDFMEService; "C:\Program Files\Western Digital\WD SmartWare\WDFME.exe" [1591176 2011-12-15] (Western Digital )
2 WDRulesService; "C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe" [1091992 2011-12-15] (Western Digital )
2 IviRegMgr; "c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ADM851X; C:\Windows\System32\DRIVERS\ADM851X.SYS [27135 2003-12-19] (ADMtek Incorporated)
3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2009-09-15] (Bytemobile, Inc.)
3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
1 DMICall; C:\Windows\System32\DRIVERS\DMICall.sys [10216 2008-11-25] (Sony Corporation)
3 HSF_DPV; C:\Windows\System32\DRIVERS\HSX_DPV.sys [985600 2008-01-25] (Conexant Systems, Inc.)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2009-09-01] (ZTE Incorporated)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-11] (Malwarebytes Corporation)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2008-01-25] (Conexant)
3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [444800 2008-07-09] (DiBcom)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-26] (Nokia)
2 regi; C:\Windows\System32\drivers\regi.sys [11032 2007-04-18] (InterVideo)
2 risdptsk; C:\Windows\System32\DRIVERS\risdptsk.sys [46592 2008-10-03] (REDC)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [126976 2011-10-07] (Prolific Technology Inc.)
3 SFEP; C:\Windows\System32\DRIVERS\SFEP.sys [9344 2008-08-22] (Sony Corporation)
2 SymAFR; C:\Windows\System32\DRIVERS\SymAFR.sys [15408 2009-07-07] (Windows (R) Codename Longhorn DDK provider)
1 tcpipBM; C:\Windows\System32\Drivers\tcpipBM.sys [18816 2009-09-15] (Bytemobile, Inc.)
3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [27648 2009-04-11] (Microsoft Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2011-11-01] (Nokia)
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105088 2009-09-01] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105088 2009-09-01] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105088 2009-09-01] (ZTE Incorporated)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MEMSWEEP2; \??\C:\Windows\system32\D5A2.tmp [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-12 05:35 - 2012-06-12 05:35 - 00067908 ____A C:\OTL.Txt
2012-06-12 00:52 - 2012-06-12 00:52 - 00000000 ____D C:\FRST
2012-06-11 21:04 - 2012-06-11 21:54 - 00520864 ____A C:\Windows\ntbtlog.txt
2012-06-11 20:49 - 2012-06-11 20:49 - 00596480 ____A (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.exe
2012-06-11 20:34 - 2012-06-11 20:48 - 72607776 ____A (Microsoft Corporation) C:\Users\Mariusz\Downloads\msert.exe
2012-06-11 20:31 - 2012-06-11 20:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 20:24 - 2012-06-11 20:25 - 10299264 ____A (Microsoft Corporation) C:\Users\Mariusz\Downloads\mseinstall.exe
2012-06-11 19:36 - 2012-06-11 19:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-05 10:21 - 2012-06-05 10:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Mariusz\AppData\Local\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\All Users\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Program Files\Real Alternative
2012-05-30 15:12 - 2008-09-10 20:56 - 00185920 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-05-30 15:12 - 2001-06-23 00:31 - 00278528 ____A (Real Networks, Inc) C:\Windows\System32\pncrt.dll
2012-05-30 15:12 - 1998-05-12 19:36 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-05-30 15:12 - 1998-03-26 03:57 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-05-27 16:33 - 2012-05-27 16:36 - 00000000 ___HD C:\Users\Mariusz\.FBReader
2012-05-27 16:32 - 2012-05-27 16:32 - 00000000 ____D C:\Program Files\FBReader
2012-05-22 20:13 - 2012-05-22 20:13 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\ArcaBit
2012-05-22 14:54 - 2012-05-22 15:05 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\ArcaVirMicroScan
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Malwarebytes
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-22 06:35 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

============ 3 Months Modified Files and Folders ===============

2012-06-12 05:35 - 2012-06-12 05:35 - 00067908 ____A C:\OTL.Txt
2012-06-12 05:32 - 2009-03-08 19:43 - 00000000 ____D C:\users\Mariusz
2012-06-12 00:52 - 2012-06-12 00:52 - 00000000 ____D C:\FRST
2012-06-11 21:59 - 2006-11-02 14:01 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 21:59 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 21:57 - 2009-07-01 21:01 - 00001032 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 21:57 - 2006-11-02 13:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 21:57 - 2006-11-02 13:47 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 21:55 - 2009-07-03 17:56 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-11 21:54 - 2012-06-11 21:04 - 00520864 ____A C:\Windows\ntbtlog.txt
2012-06-11 21:35 - 2008-12-08 19:17 - 00676798 ____A C:\Windows\System32\perfh015.dat
2012-06-11 21:35 - 2008-12-08 19:17 - 00132384 ____A C:\Windows\System32\perfc015.dat
2012-06-11 21:35 - 2006-11-02 11:33 - 01510600 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 20:55 - 2012-01-20 10:42 - 00000000 __SHD C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}
2012-06-11 20:49 - 2012-06-11 20:49 - 00596480 ____A (OldTimer Tools) C:\Users\Mariusz\Downloads\OTL.exe
2012-06-11 20:48 - 2012-06-11 20:34 - 72607776 ____A (Microsoft Corporation) C:\Users\Mariusz\Downloads\msert.exe
2012-06-11 20:48 - 2011-04-17 14:29 - 02008681 ____A C:\Windows\WindowsUpdate.log
2012-06-11 20:38 - 2011-01-26 17:18 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-11 20:32 - 2012-06-11 20:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 20:25 - 2012-06-11 20:24 - 10299264 ____A (Microsoft Corporation) C:\Users\Mariusz\Downloads\mseinstall.exe
2012-06-11 20:20 - 2012-02-28 19:52 - 00000000 ____D C:\Users\Mariusz\AppData\Local\ElevatedDiagnostics
2012-06-11 20:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\ModemLogs
2012-06-11 20:08 - 2009-07-01 21:01 - 00001036 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 19:48 - 2010-05-17 18:38 - 00000000 ____D C:\Program Files\blueconnect
2012-06-11 19:48 - 2009-03-08 23:55 - 00000000 ____D C:\Program Files\AVI ReComp
2012-06-11 19:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2012-06-11 19:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2012-06-11 19:48 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2012-06-11 19:36 - 2012-06-11 19:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-11 19:22 - 2012-03-03 10:44 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Media Player Classic
2012-06-11 19:22 - 2009-03-15 13:05 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\uTorrent
2012-06-11 10:08 - 2009-03-15 12:53 - 00000000 ____D C:\Users\Mariusz\Downloads\Filmy
2012-06-11 09:46 - 2010-04-08 22:36 - 00000000 ____D C:\Users\Mariusz\Downloads\aJdown
2012-06-11 09:45 - 2009-03-11 19:33 - 00183808 ____A C:\Users\Mariusz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-08 13:08 - 2009-03-08 23:56 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\AVI ReComp
2012-06-06 18:12 - 2009-09-05 09:20 - 00000000 ____D C:\Program Files\JDownloader 0.8
2012-06-05 10:21 - 2012-06-05 10:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-04 18:57 - 2012-04-11 09:12 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-04 18:57 - 2011-05-16 17:52 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-03 20:05 - 2009-03-12 18:24 - 00000000 ____D C:\Program Files\CCleaner
2012-06-02 11:42 - 2009-03-08 22:27 - 00000000 ____D C:\Users\Mariusz\Documents\Prywatne
2012-05-31 23:20 - 2012-04-13 18:15 - 00000000 ____D C:\Users\Public\Mikolaja
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\Mariusz\AppData\Local\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Users\All Users\Real
2012-05-30 15:12 - 2012-05-30 15:12 - 00000000 ____D C:\Program Files\Real Alternative
2012-05-30 15:10 - 2010-11-02 18:45 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-05-27 16:36 - 2012-05-27 16:33 - 00000000 ___HD C:\Users\Mariusz\.FBReader
2012-05-27 16:32 - 2012-05-27 16:32 - 00000000 ____D C:\Program Files\FBReader
2012-05-26 11:33 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2012-05-22 20:13 - 2012-05-22 20:13 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\ArcaBit
2012-05-22 19:47 - 2009-03-21 00:11 - 00000000 ____D C:\Users\Mariusz\Downloads\Programy
2012-05-22 15:05 - 2012-05-22 14:54 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\ArcaVirMicroScan
2012-05-22 07:04 - 2009-03-13 21:28 - 00000000 ____D C:\Program Files\MediaCoder
2012-05-22 07:03 - 2009-03-16 19:25 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Broad Intelligence
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Malwarebytes
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-22 06:35 - 2012-05-22 06:35 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-22 06:33 - 2009-03-08 22:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-05-20 21:46 - 2009-05-04 20:09 - 00000000 ____D C:\Users\All Users\ipla
2012-05-20 21:45 - 2009-05-04 20:09 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\ipla
2012-05-20 11:38 - 2009-03-13 21:36 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Winamp
2012-05-20 09:45 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-20 09:33 - 2006-11-02 11:22 - 63700992 ____A C:\Windows\System32\config\components_previous
2012-05-20 09:33 - 2006-11-02 11:22 - 63438848 ____A C:\Windows\System32\config\software_previous
2012-05-20 09:33 - 2006-11-02 11:22 - 22544384 ____A C:\Windows\System32\config\system_previous
2012-05-20 09:33 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-05-20 09:33 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-05-20 09:33 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-05-20 09:31 - 2011-05-31 18:56 - 00000000 ____D C:\users\Gosc
2012-05-15 18:40 - 2009-03-08 22:29 - 00000000 ____D C:\Users\Mariusz\Downloads\Teksty
2012-05-13 11:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-13 11:33 - 2009-03-13 01:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-12 20:27 - 2006-11-02 13:47 - 00402576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 20:24 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-12 20:15 - 2009-03-09 02:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 20:05 - 2006-11-02 11:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-12 19:52 - 2009-03-13 21:51 - 00000039 ____A C:\Windows\vbaddin.ini
2012-05-12 09:59 - 2009-03-08 23:56 - 00000000 ____D C:\Program Files\Xvid
2012-05-12 09:58 - 2009-03-08 23:55 - 00000000 ____D C:\Program Files\AviSynth 2.5
2012-05-04 19:15 - 2009-03-08 19:43 - 00000000 ___RD C:\Users\Mariusz\Wideo
2012-05-03 10:57 - 2012-04-01 17:50 - 00000000 ____D C:\Program Files\MKVToolNix
2012-04-27 09:13 - 2009-03-09 02:53 - 00000000 ____D C:\Program Files\Picasa2
2012-04-25 00:35 - 2009-03-09 23:20 - 00000000 ____D C:\MK
2012-04-24 21:18 - 2012-04-24 21:18 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-24 21:18 - 2012-04-24 21:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-04-22 18:29 - 2012-04-22 18:29 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\AnvSoft
2012-04-22 18:27 - 2012-04-22 18:25 - 00000000 ____D C:\Program Files\Any Video Converter Ultimate
2012-04-18 21:31 - 2012-04-18 21:31 - 00030720 ____A C:\Users\Mariusz\Documents\Uprawnienia strazników wynikajace z ustawy.doc
2012-04-10 21:10 - 2012-04-10 21:10 - 00000000 ____D C:\Users\Mariusz\AppData\Local\ZNetCS
2012-04-09 16:35 - 2009-03-09 19:52 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\Skype
2012-04-09 16:24 - 2009-03-09 19:54 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\skypePM
2012-04-05 21:33 - 2011-04-17 15:40 - 00000000 ____D C:\Users\All Users\Roxio
2012-04-04 14:56 - 2012-05-22 06:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 09:16 - 2012-05-12 19:45 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 09:16 - 2012-05-12 19:45 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 14:36 - 2012-05-12 19:45 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-01 17:51 - 2012-04-01 17:51 - 00000000 ____D C:\Users\Mariusz\AppData\Roaming\mkvtoolnix
2012-03-30 18:16 - 2011-05-10 07:54 - 00000182 ____A C:\Users\Mariusz\Desktop\MyRelease.URL
2012-03-30 13:39 - 2012-05-12 19:46 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 14:39 - 2012-05-12 19:46 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-27 18:38 - 2009-10-15 20:14 - 00000127 ____A C:\Users\Mariusz\Desktop\Napisy24.URL
2012-03-26 18:02 - 2012-01-03 21:01 - 00000000 ____D C:\Rozliczenie Roczne 2011
2012-03-22 20:12 - 2012-03-22 20:12 - 04435968 ____A (Google Inc.) C:\Windows\System32\GPhotos.scr
2012-03-21 00:28 - 2012-05-12 19:47 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

ZeroAccess:
C:\Windows\Installer\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}
C:\Windows\Installer\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\@
C:\Windows\Installer\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\L
C:\Windows\Installer\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\n
C:\Windows\Installer\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\U

ZeroAccess:
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\@
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\L
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\U
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\U\00000001.@
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\U\80000000.@
C:\Users\Mariusz\AppData\Local\{a3db0ff4-6e11-e494-0774-fadfcda4aad0}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-07-03 17:56] - [2012-06-11 21:55] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4062.13 MB
Available physical RAM: 3572.93 MB
Total Pagefile: 3818.33 MB
Available Pagefile: 3649.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB

======================= Partitions =========================

1 Drive c: (Twardziel) (Fixed) (Total:283.58 GB) (Free:141.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERYDISC1) (CDROM) (Total:4.21 GB) (Free:0 GB) CDFS
3 Drive e: (Recovery) (Fixed) (Total:14.51 GB) (Free:0.83 GB) NTFS
4 Drive f: (MARIUSZPEN) (Removable) (Total:3.77 GB) (Free:1.37 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B
  Disk 1    Online      3875 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 15 GB  1024 KB
  Partition 2    Primary            284 GB    15 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Recovery     NTFS   Partition     15 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   Twardziel    NTFS   Partition    284 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3871 MB  4032 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     F   MARIUSZPEN   FAT32  Removable   3871 MB  Healthy

======================================================================================================
==========================================================

Last Boot: 2012-06-11 19:58

======================= End Of Log ==========================